From decf5da1c210e152c1b66ebb1344c7652ae0286c Mon Sep 17 00:00:00 2001
From: dnomd343 <i@343.re>
Date: Sat, 25 Sep 2021 11:36:44 +0800
Subject: [PATCH 1/9] refactor: new file structure

---
 Dockerfile |  2 +-
 load.sh    | 80 ++++++++++++++++++++++++++----------------------------
 2 files changed, 39 insertions(+), 43 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index dfc8d49..696ecc6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,7 @@ COPY --from=asset /tmp/asset/ /etc/xray/asset/
 COPY --from=asset /tmp/xray/xray /usr/bin/
 ENV XRAY_LOCATION_ASSET=/etc/xray/asset
 RUN apk --update add --no-cache iptables ip6tables && \
-    mkdir -p /etc/xray/conf && \
+    mkdir -p /etc/xray/config && \
     mkdir -p /etc/xray/expose/log && \
     mkdir -p /etc/xray/expose/segment && \
     mv /etc/xray/tproxy.sh /
diff --git a/load.sh b/load.sh
index a0d136e..1241da4 100755
--- a/load.sh
+++ b/load.sh
@@ -1,20 +1,35 @@
 XRAY_DIR="/etc/xray"
 LOG_DIR="$XRAY_DIR/expose/log"
+CONFIG_DIR="$XRAY_DIR/expose/config"
+
+load_log(){
+log_level=`cat $LOG_DIR/level`
+legal=false
+[ "$log_level" == "debug" ] && legal=true
+[ "$log_level" == "info" ] && legal=true
+[ "$log_level" == "warning" ] && legal=true
+[ "$log_level" == "error" ] && legal=true
+[ "$log_level" == "none" ] && legal=true
+[ "$legal" == false ] && log_level="warning"
+cat>$XRAY_DIR/config/log.json<<EOF
+{
+  "log": {
+    "loglevel": "$log_level",
+    "access": "$LOG_DIR/access.log",
+    "error": "$LOG_DIR/error.log"
+  }
+}
+EOF
+}
+
 load_inbounds(){
-cat>$XRAY_DIR/conf/inbounds.json<<EOF
+cat>$XRAY_DIR/config/inbounds.json<<EOF
 {
   "inbounds": [
     {
       "tag": "tproxy",
       "port": 7288,
       "protocol": "dokodemo-door",
-      "sniffing": {
-        "enabled": true,
-        "destOverride": [
-          "http",
-          "tls"
-        ]
-      },
       "settings": {
         "network": "tcp,udp",
         "followRedirect": true
@@ -82,28 +97,8 @@ cat>$XRAY_DIR/conf/inbounds.json<<EOF
 EOF
 }
 
-load_log(){
-log_level=`cat $LOG_DIR/level`
-legal=false
-[ "$log_level" == "debug" ] && legal=true
-[ "$log_level" == "info" ] && legal=true
-[ "$log_level" == "warning" ] && legal=true
-[ "$log_level" == "error" ] && legal=true
-[ "$log_level" == "none" ] && legal=true
-[ "$legal" == false ] && log_level="warning"
-cat>$XRAY_DIR/conf/log.json<<EOF
-{
-  "log": {
-    "loglevel": "$log_level",
-    "access": "$LOG_DIR/access.log",
-    "error": "$LOG_DIR/error.log" 
-  }
-}
-EOF
-}
-
 load_outbounds(){
-cat>$XRAY_DIR/expose/outbounds.json<<EOF
+cat>$CONFIG_DIR/outbounds.json<<EOF
 {
   "outbounds": [
     {
@@ -116,10 +111,10 @@ EOF
 }
 
 load_routing(){
-cat>$XRAY_DIR/expose/routing.json<<EOF
+cat>$CONFIG_DIR/routing.json<<EOF
 {
   "routing": {
-    "domainStrategy": "IPIfNonMatch",
+    "domainStrategy": "AsIs",
     "rules": [
       {
         "type": "field",
@@ -141,12 +136,11 @@ EOF
 
 
 load_dns(){
-cat>$XRAY_DIR/expose/dns.json<<EOF
+cat>$CONFIG_DIR/dns.json<<EOF
 {
   "dns": {
     "servers": [
-      "223.5.5.5",
-      "119.29.29.29"
+      "localhost"
     ]
   }
 }
@@ -170,18 +164,20 @@ FF00::/8
 EOF
 }
 
-mkdir -p $XRAY_DIR/conf
+mkdir -p $XRAY_DIR/config
 mkdir -p $XRAY_DIR/expose/segment
 mkdir -p $LOG_DIR
+mkdir -p $CONFIG_DIR
+
 [ ! -s "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log
 [ ! -s "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log
-load_inbounds
+
 load_log
-[ ! -s "$XRAY_DIR/expose/outbounds.json" ] && load_outbounds
-[ ! -s "$XRAY_DIR/expose/routing.json" ] && load_routing
-[ ! -s "$XRAY_DIR/expose/dns.json" ] && load_dns
-cp $XRAY_DIR/expose/outbounds.json $XRAY_DIR/conf/
-cp $XRAY_DIR/expose/routing.json $XRAY_DIR/conf/
-cp $XRAY_DIR/expose/dns.json $XRAY_DIR/conf/
+load_inbounds
+[ ! -s "$CONFIG_DIR/outbounds.json" ] && load_outbounds
+[ ! -s "$CONFIG_DIR/routing.json" ] && load_routing
+[ ! -s "$CONFIG_DIR/dns.json" ] && load_dns
+cp $CONFIG_DIR/*.json $XRAY_DIR/config/
+
 [ ! -s "$XRAY_DIR/expose/segment/ipv4" ] && load_ipv4
 [ ! -s "$XRAY_DIR/expose/segment/ipv6" ] && load_ipv6

From 62eaafe60837031027490704a8cf32440fbfa4a6 Mon Sep 17 00:00:00 2001
From: dnomd343 <i@343.re>
Date: Sat, 25 Sep 2021 11:41:25 +0800
Subject: [PATCH 2/9] feat: ipv6 inbound for tproxy

---
 load.sh   | 21 +++++++++++++++++++++
 tproxy.sh |  6 +++---
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/load.sh b/load.sh
index 1241da4..1ddab48 100755
--- a/load.sh
+++ b/load.sh
@@ -47,6 +47,27 @@ cat>$XRAY_DIR/config/inbounds.json<<EOF
         ]
       }
     },
+    {
+      "tag": "tproxy6",
+      "port": 7289,
+      "protocol": "dokodemo-door",
+      "settings": {
+        "network": "tcp,udp",
+        "followRedirect": true
+      },
+      "streamSettings": {
+        "sockopt": {
+          "tproxy": "tproxy"
+        }
+      },
+      "sniffing": {
+        "enabled": true,
+        "destOverride": [
+          "http",
+          "tls"
+        ]
+      }
+    },
     {
       "tag": "socks",
       "port": 1080,
diff --git a/tproxy.sh b/tproxy.sh
index bd90eec..3f8bef0 100755
--- a/tproxy.sh
+++ b/tproxy.sh
@@ -19,8 +19,8 @@ while read -r segment
 do
   eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN"
 done < /etc/xray/expose/segment/ipv6
-ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1
-ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7288 --tproxy-mark 1
+ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7289 --tproxy-mark 1
+ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7289 --tproxy-mark 1
 ip6tables -t mangle -A PREROUTING -j XRAY6
 
-xray -confdir /etc/xray/conf/
+xray -confdir /etc/xray/config/

From a64255973d0c87e1f89906cc2e3458f509ff9c5b Mon Sep 17 00:00:00 2001
From: dnomd343 <i@343.re>
Date: Sat, 25 Sep 2021 13:16:34 +0800
Subject: [PATCH 3/9] feat: custom geo asset files

---
 load.sh | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/load.sh b/load.sh
index 1ddab48..bc5aba8 100755
--- a/load.sh
+++ b/load.sh
@@ -1,5 +1,6 @@
 XRAY_DIR="/etc/xray"
 LOG_DIR="$XRAY_DIR/expose/log"
+ASSET_DIR="$XRAY_DIR/expose/asset"
 CONFIG_DIR="$XRAY_DIR/expose/config"
 
 load_log(){
@@ -168,6 +169,23 @@ cat>$CONFIG_DIR/dns.json<<EOF
 EOF
 }
 
+load_asset_update(){
+cat>$ASSET_DIR/update.sh<<"EOF"
+GITHUB="github.com"
+ASSET_REPO="Loyalsoldier/v2ray-rules-dat"
+VERSION=$(curl --silent "https://api.github.com/repos/$ASSET_REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/');
+mkdir -p ./temp/
+wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geoip.dat"
+file_size=`du ./temp/geoip.dat | awk '{print $1}'`
+[ $file_size != "0" ] && mv -f ./temp/geoip.dat ./
+wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geosite.dat"
+file_size=`du ./temp/geosite.dat | awk '{print $1}'`
+[ $file_size != "0" ] && mv -f ./temp/geosite.dat ./
+rm -rf ./temp/
+EOF
+chmod +x $ASSET_DIR/update.sh
+}
+
 load_ipv4(){
 cat>$XRAY_DIR/expose/segment/ipv4<<EOF
 127.0.0.0/8
@@ -188,6 +206,7 @@ EOF
 mkdir -p $XRAY_DIR/config
 mkdir -p $XRAY_DIR/expose/segment
 mkdir -p $LOG_DIR
+mkdir -p $ASSET_DIR
 mkdir -p $CONFIG_DIR
 
 [ ! -s "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log
@@ -200,5 +219,10 @@ load_inbounds
 [ ! -s "$CONFIG_DIR/dns.json" ] && load_dns
 cp $CONFIG_DIR/*.json $XRAY_DIR/config/
 
+[ ! -s "$ASSET_DIR/geoip.dat" ] && cp $XRAY_DIR/asset/geoip.dat $ASSET_DIR/
+[ ! -s "$ASSET_DIR/geosite.dat" ] && cp $XRAY_DIR/asset/geosite.dat $ASSET_DIR/
+[ ! -s "$ASSET_DIR/update.sh" ] && load_asset_update
+cp $ASSET_DIR/*.dat $XRAY_DIR/asset/
+
 [ ! -s "$XRAY_DIR/expose/segment/ipv4" ] && load_ipv4
 [ ! -s "$XRAY_DIR/expose/segment/ipv6" ] && load_ipv6

From 843eecbc0aa9b27abfde5a07e28ecb44eaf0c84f Mon Sep 17 00:00:00 2001
From: dnomd343 <i@343.re>
Date: Sat, 25 Sep 2021 18:57:21 +0800
Subject: [PATCH 4/9] feat: automatic network configuration

---
 load.sh | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)

diff --git a/load.sh b/load.sh
index bc5aba8..f5e9449 100755
--- a/load.sh
+++ b/load.sh
@@ -2,6 +2,7 @@ XRAY_DIR="/etc/xray"
 LOG_DIR="$XRAY_DIR/expose/log"
 ASSET_DIR="$XRAY_DIR/expose/asset"
 CONFIG_DIR="$XRAY_DIR/expose/config"
+NETWORK_DIR="$XRAY_DIR/expose/network"
 
 load_log(){
 log_level=`cat $LOG_DIR/level`
@@ -186,6 +187,65 @@ EOF
 chmod +x $ASSET_DIR/update.sh
 }
 
+load_network_ipv4(){
+cat>"$NETWORK_DIR/ipv4"<<EOF
+ADDRESS=
+GATEWAY=
+FORWARD=true
+EOF
+}
+
+load_network_ipv6(){
+cat>"$NETWORK_DIR/ipv6"<<EOF
+ADDRESS=
+GATEWAY=
+FORWARD=true
+EOF
+}
+
+init_network(){
+ifconfig eth0 down
+ip -4 addr flush dev eth0
+ip -6 addr flush dev eth0
+ifconfig eth0 up
+while read -r row
+do
+  temp=${row#ADDRESS=}
+  [ "$row" != "$temp" ] && ipv4_address=$temp
+  temp=${row#GATEWAY=}
+  [ "$row" != "$temp" ] && ipv4_gateway=$temp
+  temp=${row#FORWARD=}
+  [ "$row" != "$temp" ] && ipv4_forward=$temp
+done < $NETWORK_DIR/ipv4
+[ -n "$ipv4_address" ] && eval "ip -4 addr add $ipv4_address dev eth0"
+[ -n "$ipv4_gateway" ] && eval "ip -4 route add default via $ipv4_gateway"
+if [ -n "$ipv4_forward" ]; then
+  if [ "$ipv4_forward" = "true" ]; then
+    eval "sysctl -w net.ipv4.ip_forward=1"
+  else
+    eval "sysctl -w net.ipv4.ip_forward=0"
+  fi
+fi
+while read -r row
+do
+  temp=${row#ADDRESS=}
+  [ "$row" != "$temp" ] && ipv6_address=$temp
+  temp=${row#GATEWAY=}
+  [ "$row" != "$temp" ] && ipv6_gateway=$temp
+  temp=${row#FORWARD=}
+  [ "$row" != "$temp" ] && ipv6_forward=$temp
+done < $NETWORK_DIR/ipv6
+[ -n "$ipv6_address" ] && eval "ip -6 addr add $ipv6_address dev eth0"
+[ -n "$ipv6_gateway" ] && eval "ip -6 route add default via $ipv6_gateway"
+if [ -n "$ipv6_forward" ]; then
+  if [ "$ipv6_forward" = "true" ]; then
+    eval "sysctl -w net.ipv6.conf.all.forwarding=1"
+  else
+    eval "sysctl -w net.ipv6.conf.all.forwarding=0"
+  fi
+fi
+}
+
 load_ipv4(){
 cat>$XRAY_DIR/expose/segment/ipv4<<EOF
 127.0.0.0/8
@@ -226,3 +286,8 @@ cp $ASSET_DIR/*.dat $XRAY_DIR/asset/
 
 [ ! -s "$XRAY_DIR/expose/segment/ipv4" ] && load_ipv4
 [ ! -s "$XRAY_DIR/expose/segment/ipv6" ] && load_ipv6
+
+[ -f "$NETWORK_DIR/ignore" ] && exit
+[ ! -s "$NETWORK_DIR/ipv4" ] && load_network_ipv4
+[ ! -s "$NETWORK_DIR/ipv6" ] && load_network_ipv6
+init_network

From d10161c39a155ffc633dc739b8358f251b9e93f5 Mon Sep 17 00:00:00 2001
From: dnomd343 <i@343.re>
Date: Sat, 25 Sep 2021 19:12:33 +0800
Subject: [PATCH 5/9] feat: custom dns server

---
 load.sh | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/load.sh b/load.sh
index f5e9449..f29b973 100755
--- a/load.sh
+++ b/load.sh
@@ -120,6 +120,18 @@ cat>$XRAY_DIR/config/inbounds.json<<EOF
 EOF
 }
 
+load_dns(){
+cat>$CONFIG_DIR/dns.json<<EOF
+{
+  "dns": {
+    "servers": [
+      "localhost"
+    ]
+  }
+}
+EOF
+}
+
 load_outbounds(){
 cat>$CONFIG_DIR/outbounds.json<<EOF
 {
@@ -157,19 +169,6 @@ cat>$CONFIG_DIR/routing.json<<EOF
 EOF
 }
 
-
-load_dns(){
-cat>$CONFIG_DIR/dns.json<<EOF
-{
-  "dns": {
-    "servers": [
-      "localhost"
-    ]
-  }
-}
-EOF
-}
-
 load_asset_update(){
 cat>$ASSET_DIR/update.sh<<"EOF"
 GITHUB="github.com"
@@ -244,6 +243,13 @@ if [ -n "$ipv6_forward" ]; then
     eval "sysctl -w net.ipv6.conf.all.forwarding=0"
   fi
 fi
+if [ -s "$NETWORK_DIR/dns" ]; then
+  cat /dev/null > /etc/resolv.conf
+  while read -r row
+  do
+    echo "nameserver $row" >> /etc/resolv.conf
+  done < $NETWORK_DIR/dns
+fi
 }
 
 load_ipv4(){

From 5ac4d5ae7c5ec35f6f8c27ffb8198abc752667de Mon Sep 17 00:00:00 2001
From: dnomd343 <i@343.re>
Date: Sat, 25 Sep 2021 19:45:02 +0800
Subject: [PATCH 6/9] fix: don't create log files in none level

---
 load.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/load.sh b/load.sh
index f29b973..aba3108 100755
--- a/load.sh
+++ b/load.sh
@@ -13,6 +13,10 @@ legal=false
 [ "$log_level" == "error" ] && legal=true
 [ "$log_level" == "none" ] && legal=true
 [ "$legal" == false ] && log_level="warning"
+if [ "$log_level" != "none" ]; then
+  [ ! -s "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log
+  [ ! -s "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log
+fi
 cat>$XRAY_DIR/config/log.json<<EOF
 {
   "log": {
@@ -274,9 +278,7 @@ mkdir -p $XRAY_DIR/expose/segment
 mkdir -p $LOG_DIR
 mkdir -p $ASSET_DIR
 mkdir -p $CONFIG_DIR
-
-[ ! -s "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log
-[ ! -s "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log
+mkdir -p $NETWORK_DIR
 
 load_log
 load_inbounds

From 99247f7c8fc491506ad97ce6a00433de29185a95 Mon Sep 17 00:00:00 2001
From: dnomd343 <i@343.re>
Date: Sat, 25 Sep 2021 20:15:21 +0800
Subject: [PATCH 7/9] feat: bypass the private network automatically

---
 load.sh   | 39 ++++++++++++++++++++-------------------
 tproxy.sh | 12 ++++++++++++
 2 files changed, 32 insertions(+), 19 deletions(-)

diff --git a/load.sh b/load.sh
index aba3108..064e888 100755
--- a/load.sh
+++ b/load.sh
@@ -191,7 +191,7 @@ chmod +x $ASSET_DIR/update.sh
 }
 
 load_network_ipv4(){
-cat>"$NETWORK_DIR/ipv4"<<EOF
+cat>"$NETWORK_DIR/interface/ipv4"<<EOF
 ADDRESS=
 GATEWAY=
 FORWARD=true
@@ -199,7 +199,7 @@ EOF
 }
 
 load_network_ipv6(){
-cat>"$NETWORK_DIR/ipv6"<<EOF
+cat>"$NETWORK_DIR/interface/ipv6"<<EOF
 ADDRESS=
 GATEWAY=
 FORWARD=true
@@ -219,7 +219,7 @@ do
   [ "$row" != "$temp" ] && ipv4_gateway=$temp
   temp=${row#FORWARD=}
   [ "$row" != "$temp" ] && ipv4_forward=$temp
-done < $NETWORK_DIR/ipv4
+done < $NETWORK_DIR/interface/ipv4
 [ -n "$ipv4_address" ] && eval "ip -4 addr add $ipv4_address dev eth0"
 [ -n "$ipv4_gateway" ] && eval "ip -4 route add default via $ipv4_gateway"
 if [ -n "$ipv4_forward" ]; then
@@ -237,7 +237,7 @@ do
   [ "$row" != "$temp" ] && ipv6_gateway=$temp
   temp=${row#FORWARD=}
   [ "$row" != "$temp" ] && ipv6_forward=$temp
-done < $NETWORK_DIR/ipv6
+done < $NETWORK_DIR/interface/ipv6
 [ -n "$ipv6_address" ] && eval "ip -6 addr add $ipv6_address dev eth0"
 [ -n "$ipv6_gateway" ] && eval "ip -6 route add default via $ipv6_gateway"
 if [ -n "$ipv6_forward" ]; then
@@ -247,18 +247,18 @@ if [ -n "$ipv6_forward" ]; then
     eval "sysctl -w net.ipv6.conf.all.forwarding=0"
   fi
 fi
-if [ -s "$NETWORK_DIR/dns" ]; then
-  cat /dev/null > /etc/resolv.conf
-  while read -r row
-  do
-    echo "nameserver $row" >> /etc/resolv.conf
-  done < $NETWORK_DIR/dns
-fi
+}
+
+init_dns(){
+cat /dev/null > /etc/resolv.conf
+while read -r row
+do
+  echo "nameserver $row" >> /etc/resolv.conf
+done < $NETWORK_DIR/dns
 }
 
 load_ipv4(){
 cat>$XRAY_DIR/expose/segment/ipv4<<EOF
-127.0.0.0/8
 169.254.0.0/16
 224.0.0.0/3
 EOF
@@ -266,10 +266,9 @@ EOF
 
 load_ipv6(){
 cat>$XRAY_DIR/expose/segment/ipv6<<EOF
-::1/128
-FC00::/7
-FE80::/10
-FF00::/8
+fc00::/7
+fe80::/10
+ff00::/8
 EOF
 }
 
@@ -295,7 +294,9 @@ cp $ASSET_DIR/*.dat $XRAY_DIR/asset/
 [ ! -s "$XRAY_DIR/expose/segment/ipv4" ] && load_ipv4
 [ ! -s "$XRAY_DIR/expose/segment/ipv6" ] && load_ipv6
 
-[ -f "$NETWORK_DIR/ignore" ] && exit
-[ ! -s "$NETWORK_DIR/ipv4" ] && load_network_ipv4
-[ ! -s "$NETWORK_DIR/ipv6" ] && load_network_ipv6
+mkdir -p $NETWORK_DIR/interface
+[ -s "$NETWORK_DIR/dns" ] && init_dns
+[ -f "$NETWORK_DIR/interface/ignore" ] && exit
+[ ! -s "$NETWORK_DIR/interface/ipv4" ] && load_network_ipv4
+[ ! -s "$NETWORK_DIR/interface/ipv6" ] && load_network_ipv6
 init_network
diff --git a/tproxy.sh b/tproxy.sh
index 3f8bef0..78b1a4f 100755
--- a/tproxy.sh
+++ b/tproxy.sh
@@ -4,6 +4,12 @@ sh /etc/xray/load.sh
 ip rule add fwmark 1 table 100
 ip route add local 0.0.0.0/0 dev lo table 100
 iptables -t mangle -N XRAY
+ip -4 addr | grep -w "inet" | awk '{print $2}' > /ipv4_range
+while read -r segment
+do
+  eval "iptables -t mangle -A XRAY -d $segment -j RETURN"
+done < /ipv4_range
+rm -f /ipv4_range
 while read -r segment
 do
   eval "iptables -t mangle -A XRAY -d $segment -j RETURN"
@@ -15,6 +21,12 @@ iptables -t mangle -A PREROUTING -j XRAY
 ip -6 rule add fwmark 1 table 106
 ip -6 route add local ::/0 dev lo table 106
 ip6tables -t mangle -N XRAY6
+ip -6 addr | grep -w "inet6" | awk '{print $2}' > /ipv6_range
+while read -r segment
+do
+  eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN"
+done < /ipv6_range
+rm -f /ipv6_range
 while read -r segment
 do
   eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN"

From 0f8326fae1bd4738625c6e1ddfdb57fbcb7869be Mon Sep 17 00:00:00 2001
From: dnomd343 <i@343.re>
Date: Sat, 25 Sep 2021 20:57:06 +0800
Subject: [PATCH 8/9] refactor: custom bypass network segment

---
 load.sh   | 39 +++++++++++++++++++--------------------
 tproxy.sh |  4 ++--
 2 files changed, 21 insertions(+), 22 deletions(-)

diff --git a/load.sh b/load.sh
index 064e888..b1a9b69 100755
--- a/load.sh
+++ b/load.sh
@@ -190,6 +190,21 @@ EOF
 chmod +x $ASSET_DIR/update.sh
 }
 
+load_bypass_ipv4(){
+cat>"$NETWORK_DIR/bypass/ipv4"<<EOF
+169.254.0.0/16
+224.0.0.0/3
+EOF
+}
+
+load_bypass_ipv6(){
+cat>"$NETWORK_DIR/bypass/ipv6"<<EOF
+fc00::/7
+fe80::/10
+ff00::/8
+EOF
+}
+
 load_network_ipv4(){
 cat>"$NETWORK_DIR/interface/ipv4"<<EOF
 ADDRESS=
@@ -257,27 +272,11 @@ do
 done < $NETWORK_DIR/dns
 }
 
-load_ipv4(){
-cat>$XRAY_DIR/expose/segment/ipv4<<EOF
-169.254.0.0/16
-224.0.0.0/3
-EOF
-}
-
-load_ipv6(){
-cat>$XRAY_DIR/expose/segment/ipv6<<EOF
-fc00::/7
-fe80::/10
-ff00::/8
-EOF
-}
-
-mkdir -p $XRAY_DIR/config
-mkdir -p $XRAY_DIR/expose/segment
 mkdir -p $LOG_DIR
 mkdir -p $ASSET_DIR
 mkdir -p $CONFIG_DIR
 mkdir -p $NETWORK_DIR
+mkdir -p $XRAY_DIR/config
 
 load_log
 load_inbounds
@@ -291,11 +290,11 @@ cp $CONFIG_DIR/*.json $XRAY_DIR/config/
 [ ! -s "$ASSET_DIR/update.sh" ] && load_asset_update
 cp $ASSET_DIR/*.dat $XRAY_DIR/asset/
 
-[ ! -s "$XRAY_DIR/expose/segment/ipv4" ] && load_ipv4
-[ ! -s "$XRAY_DIR/expose/segment/ipv6" ] && load_ipv6
-
+mkdir -p $NETWORK_DIR/bypass
 mkdir -p $NETWORK_DIR/interface
 [ -s "$NETWORK_DIR/dns" ] && init_dns
+[ ! -f "$NETWORK_DIR/bypass/ipv4" ] && load_bypass_ipv4
+[ ! -f "$NETWORK_DIR/bypass/ipv6" ] && load_bypass_ipv6
 [ -f "$NETWORK_DIR/interface/ignore" ] && exit
 [ ! -s "$NETWORK_DIR/interface/ipv4" ] && load_network_ipv4
 [ ! -s "$NETWORK_DIR/interface/ipv6" ] && load_network_ipv6
diff --git a/tproxy.sh b/tproxy.sh
index 78b1a4f..fade183 100755
--- a/tproxy.sh
+++ b/tproxy.sh
@@ -13,7 +13,7 @@ rm -f /ipv4_range
 while read -r segment
 do
   eval "iptables -t mangle -A XRAY -d $segment -j RETURN"
-done < /etc/xray/expose/segment/ipv4
+done < /etc/xray/expose/network/bypass/ipv4
 iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1
 iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 7288 --tproxy-mark 1
 iptables -t mangle -A PREROUTING -j XRAY
@@ -30,7 +30,7 @@ rm -f /ipv6_range
 while read -r segment
 do
   eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN"
-done < /etc/xray/expose/segment/ipv6
+done < /etc/xray/expose/network/bypass/ipv6
 ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7289 --tproxy-mark 1
 ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7289 --tproxy-mark 1
 ip6tables -t mangle -A PREROUTING -j XRAY6

From e5448123ec9ce5011cd15ec9edfa93e7cf1b600d Mon Sep 17 00:00:00 2001
From: dnomd343 <i@343.re>
Date: Sat, 25 Sep 2021 22:29:16 +0800
Subject: [PATCH 9/9] update: some adjustments

---
 Dockerfile |  4 +---
 asset.sh   |  2 +-
 load.sh    | 46 ++++++++++++----------------------------------
 tproxy.sh  |  4 ++--
 4 files changed, 16 insertions(+), 40 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 696ecc6..20be078 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine as asset
 COPY ./asset.sh /
-RUN apk --update add --no-cache curl wget && \
+RUN apk --update add --no-cache curl wget jq && \
     sh /asset.sh
 
 FROM alpine
@@ -10,7 +10,5 @@ COPY --from=asset /tmp/xray/xray /usr/bin/
 ENV XRAY_LOCATION_ASSET=/etc/xray/asset
 RUN apk --update add --no-cache iptables ip6tables && \
     mkdir -p /etc/xray/config && \
-    mkdir -p /etc/xray/expose/log && \
-    mkdir -p /etc/xray/expose/segment && \
     mv /etc/xray/tproxy.sh /
 CMD ["sh","/tproxy.sh"]
diff --git a/asset.sh b/asset.sh
index 8cc9e9c..1892855 100644
--- a/asset.sh
+++ b/asset.sh
@@ -1,5 +1,5 @@
 get_github_latest_version() {
-  VERSION=$(curl --silent "https://api.github.com/repos/$1/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/');
+  VERSION=$(curl --silent "https://api.github.com/repos/$1/releases/latest" | jq | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/');
 }
 
 get_architecture() {
diff --git a/load.sh b/load.sh
index b1a9b69..9da7b20 100755
--- a/load.sh
+++ b/load.sh
@@ -14,8 +14,8 @@ legal=false
 [ "$log_level" == "none" ] && legal=true
 [ "$legal" == false ] && log_level="warning"
 if [ "$log_level" != "none" ]; then
-  [ ! -s "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log
-  [ ! -s "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log
+  [ ! -f "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log
+  [ ! -f "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log
 fi
 cat>$XRAY_DIR/config/log.json<<EOF
 {
@@ -103,21 +103,6 @@ cat>$XRAY_DIR/config/inbounds.json<<EOF
           "tls"
         ]
       }
-    },
-    {
-      "tag": "proxy",
-      "port": 10808,
-      "protocol": "socks",
-      "settings": {
-        "udp": true
-      },
-      "sniffing": {
-        "enabled": true,
-        "destOverride": [
-          "http",
-          "tls"
-        ]
-      }
     }
   ]
 }
@@ -142,7 +127,8 @@ cat>$CONFIG_DIR/outbounds.json<<EOF
   "outbounds": [
     {
       "tag": "node",
-      "protocol": "freedom"
+      "protocol": "freedom",
+      "settings": {}
     }
   ]
 }
@@ -155,13 +141,6 @@ cat>$CONFIG_DIR/routing.json<<EOF
   "routing": {
     "domainStrategy": "AsIs",
     "rules": [
-      {
-        "type": "field",
-        "inboundTag": [
-          "proxy"
-        ],
-        "outboundTag": "node"
-      },
       {
         "type": "field",
         "network": "tcp,udp",
@@ -221,6 +200,14 @@ FORWARD=true
 EOF
 }
 
+init_dns(){
+cat /dev/null > /etc/resolv.conf
+while read -r row
+do
+  echo "nameserver $row" >> /etc/resolv.conf
+done < $NETWORK_DIR/dns
+}
+
 init_network(){
 ifconfig eth0 down
 ip -4 addr flush dev eth0
@@ -264,19 +251,10 @@ if [ -n "$ipv6_forward" ]; then
 fi
 }
 
-init_dns(){
-cat /dev/null > /etc/resolv.conf
-while read -r row
-do
-  echo "nameserver $row" >> /etc/resolv.conf
-done < $NETWORK_DIR/dns
-}
-
 mkdir -p $LOG_DIR
 mkdir -p $ASSET_DIR
 mkdir -p $CONFIG_DIR
 mkdir -p $NETWORK_DIR
-mkdir -p $XRAY_DIR/config
 
 load_log
 load_inbounds
diff --git a/tproxy.sh b/tproxy.sh
index fade183..687793a 100755
--- a/tproxy.sh
+++ b/tproxy.sh
@@ -1,8 +1,8 @@
 [ -f "/etc/xray/expose/custom.sh" ] && sh /etc/xray/expose/custom.sh
 sh /etc/xray/load.sh
 
-ip rule add fwmark 1 table 100
-ip route add local 0.0.0.0/0 dev lo table 100
+ip -4 rule add fwmark 1 table 100
+ip -4 route add local 0.0.0.0/0 dev lo table 100
 iptables -t mangle -N XRAY
 ip -4 addr | grep -w "inet" | awk '{print $2}' > /ipv4_range
 while read -r segment